4 ssh config tips for faster remote working
by Matthias Willerich on April 17 2009, 12:00
With the vast majority of web developers deploying their own code, and ssh playing a central role in the toolbox, I felt that tweaking this part of my work saves me some time, and if not, definitely some frustration over mistyping passwords and host names.
So, for myself as much as everyone out there, here is my collected useful knowledge that has helped me ease the pain of remote work.
1. Execute commands remotely as one-liners
This is what some deployment tools such as vlad use, but for a quick look at something, it cuts out valuable seconds you could look at web comics instead.
Let's try a simple example:
matthias:~ matthias$ ssh remoteuser@myserver.pretendco.com ls -l
remoteuser@myserver.pretendco.com's password:
total 804
lrwxrwxrwx 1 remoteuser remoteuser 31 Nov 10 2007 access-logs -> /links/to/my/access-logs
drwxr-xr-x 2 remoteuser remoteuser 2048 Apr 6 2008 cgi-bin
-rw-r--r-- 1 remoteuser remoteuser 808417 Jul 17 2007 error_log_dump
drwxr-x--- 3 remoteuser mail 2048 Oct 1 2007 etc
drwxrwx--- 7 remoteuser remoteuser 2048 Apr 4 02:33 mail
drwxr-x--- 3 remoteuser remoteuser 2048 May 23 2008 public_ftp
drwxr-x--- 30 remoteuser nobody 2048 Dec 4 06:33 public_html
drwxr-xr-x 7 remoteuser remoteuser 2048 Sep 24 2008 tmp
lrwxrwxrwx 1 remoteuser remoteuser 11 Apr 1 2006 www -> public_html
matthias:~ matthias$
You can even pipe through to a remote command. Here's an example taken from Look Here First, where the content of a local file is concatenated to a remote file.
matthias:~ matthias$ cat localfile.txt | ssh remoteuser@myserver.pretendco.com "cat - >> remotefile.txt"
2. Add your public key to your remote server
Next let's see how we can get around typing our password all the time. One way of doing this is to add your public key to your remote server.
# first, upload public key from client to server
client$ scp ~/.ssh/id_rsa.pub remoteuser@myserver.pretendco.com:~
# next, setup the public key on server
server$ mkdir ~/.ssh
server$ chmod 700 ~/.ssh
server$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
server$ chmod 600 ~/.ssh/authorized_keys
server$ rm ~/id_rsa.pub
Of course, we can combine with the previous example and run it like this:
matthias:~ matthias$ cat ~/.ssh/id_dsa.pub | ssh remoteuser@myserver.pretendco.com "cat - >> ~/.ssh/authorized_keys2"
Windows users fear not, you can do this too, with PuTTY and PuTTYgen.
3. Let the ControlMaster handle your sessions
Sadly this might not always possible, maybe your key management on your server is different, or you don't have permissions to the file.
Luckily you can get around this by letting your first ssh connection act as ControlMaster. By adding the following to ~/.ssh/config, you only need to enter your password once, and all parallel sessions won't ask for a password
Host *
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
4. Set your user and hostname for your host
Finally, more often than not your username won't be the same on your local machine and on whatever server you'd like to connect to, or your server might not use the default ssh port. Or maybe you're just tired of typing that superlong domain name, and look for a less challenging typing task. ~/.ssh/config to the rescue.
As final example:
Host myserver
User remoteuser
Port 22022
HostName myserver.pretendco.com
Most likely you won't need the Port instruction in there, because your server runs ssh on the default port 22, so just drop the line.
All this allows us something as compact as:
matthias:~ matthias$ ssh myserver mycommand
Have fun, and let's hope this got you into your weekend early!
Comments
by amber jewellery on June 25 2009, 22:42 #
by Arnaud on April 25 2009, 18:36 #
@Arnaud: I had to look up this one first; it is indeed a great way of adding your public key to a server. This is part of OpenSSH, but sadly not of the default OS X installation (I guess linux folks are fine).
To get a more elegant solution for #2 on a Mac, download the latest portable OpenSSH and find the ssh-copy-id script in /contrib folder. Copy it, err, somewhere where your system finds it, and you're good to go. Thanks for the tip!
by Matthias Willerich on April 26 2009, 01:32 #
by Giorgio Sironi on April 26 2009, 13:15 #
This is an interesting post. I wasn't aware of the ControlMaster. I'm going to look into that more.
re: #2 (Add your public key to your remote server), @Matthias as you said, ssh_copy_id isn't available for the OS X people in the crowd. For the subset of that crowd that isn't offended by Ruby, I wrote a tool called Rye for doing all kinds of remote SSH stuff (including executing commands on multiple machines in parallel). It comes with a command-line utility that can copy keys too:
It can be installed with the command:
by Delano Mandelbaum on April 30 2009, 15:21 #
by MacDork on April 17 2009, 16:36 #
@MacDork: IdentityFile is a good way of handling multiple, well, identities; perfect for someone who likes to keep business and private (or in case of many freelancers/contractors business, business, business and private) separate. Use one identity for work, and another for personal projects, etc.
Thanks for the reminder. There's of course much more configuration options, here's a link to the man pages
by Matthias Willerich on April 18 2009, 08:48 #
by Alistair Holt on April 17 2009, 20:53 #
by fotowoltaika on August 1 2010, 11:14 #